Jump to Content

This API Documentation is now deprecated

We are excited to announce our new API Documentation.

Class GetOrganizationsAccessReportCommandProtected

Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.

Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.

To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

For each service that principals in an account (root user, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.

By default, the list is sorted by service namespace.

Example

Use a bare-bones client and the command you need to make an API call.

import { IAMClient, GetOrganizationsAccessReportCommand } from "@aws-sdk/client-iam"; // ES Modules import
// const { IAMClient, GetOrganizationsAccessReportCommand } = require("@aws-sdk/client-iam"); // CommonJS import
const client = new IAMClient(config);
const input = { // GetOrganizationsAccessReportRequest
JobId: "STRING_VALUE", // required
MaxItems: Number("int"),
Marker: "STRING_VALUE",
SortKey: "SERVICE_NAMESPACE_ASCENDING" || "SERVICE_NAMESPACE_DESCENDING" || "LAST_AUTHENTICATED_TIME_ASCENDING" || "LAST_AUTHENTICATED_TIME_DESCENDING",
};
const command = new GetOrganizationsAccessReportCommand(input);
const response = await client.send(command);
// { // GetOrganizationsAccessReportResponse
// JobStatus: "IN_PROGRESS" || "COMPLETED" || "FAILED", // required
// JobCreationDate: new Date("TIMESTAMP"), // required
// JobCompletionDate: new Date("TIMESTAMP"),
// NumberOfServicesAccessible: Number("int"),
// NumberOfServicesNotAccessed: Number("int"),
// AccessDetails: [ // AccessDetails
// { // AccessDetail
// ServiceName: "STRING_VALUE", // required
// ServiceNamespace: "STRING_VALUE", // required
// Region: "STRING_VALUE",
// EntityPath: "STRING_VALUE",
// LastAuthenticatedTime: new Date("TIMESTAMP"),
// TotalAuthenticatedEntities: Number("int"),
// },
// ],
// IsTruncated: true || false,
// Marker: "STRING_VALUE",
// ErrorDetails: { // ErrorDetails
// Message: "STRING_VALUE", // required
// Code: "STRING_VALUE", // required
// },
// };

Param

GetOrganizationsAccessReportCommandInput

Returns

GetOrganizationsAccessReportCommandOutput

See

Throws

NoSuchEntityException (client fault)

The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.

Throws

IAMServiceException

Base exception class for all service exceptions from IAM service.

Example

To get details from a previously generated organizational unit report

// The following operation gets details about the report with the job ID: examplea-1234-b567-cde8-90fg123abcd4
const input = {
"JobId": "examplea-1234-b567-cde8-90fg123abcd4"
};
const command = new GetOrganizationsAccessReportCommand(input);
const response = await client.send(command);
/* response ==
{
"AccessDetails": [
{
"EntityPath": "o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-1a2b3c-k9l8m7n6o5example/111122223333",
"LastAuthenticatedTime": "2019-05-25T16:29:52Z",
"Region": "us-east-1",
"ServiceName": "Amazon DynamoDB",
"ServiceNamespace": "dynamodb",
"TotalAuthenticatedEntities": 2
},
{
"EntityPath": "o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-1a2b3c-k9l8m7n6o5example/123456789012",
"LastAuthenticatedTime": "2019-06-15T13:12:06Z",
"Region": "us-east-1",
"ServiceName": "AWS Identity and Access Management",
"ServiceNamespace": "iam",
"TotalAuthenticatedEntities": 4
},
{
"ServiceName": "Amazon Simple Storage Service",
"ServiceNamespace": "s3",
"TotalAuthenticatedEntities": 0
}
],
"IsTruncated": false,
"JobCompletionDate": "2019-06-18T19:47:35.241Z",
"JobCreationDate": "2019-06-18T19:47:31.466Z",
"JobStatus": "COMPLETED",
"NumberOfServicesAccessible": 3,
"NumberOfServicesNotAccessed": 1
}
*/
// example id: getorganizationsaccessreport-ou

Hierarchy

Constructors

Properties

Methods

Constructors

Properties

Methods